This invention relates in general to two-way security protocols for authenticating clients and access routers to each other when the clients seek connectivity service for network access and when the routers offer network connectivity. The security protocols according to the present invention build upon AAA (Authentication, Authorization and Accounting) and use Router Discovery as a carrier for implementing the security protocols.
Public access IP networks are widely deployed with the proliferation of globally routable IP-aware devices, such as cell phones and personal digital assistants (PDAs). In particular, the progress in cellular radio technology and the growth of cellular telephone systems over the last several years indicate a tremendous market demand for location-independent communication. The role of wireless has gone well beyond the traditional voice and paging mobile radio services of a few short years ago. The International Telecommunication Union (ITU), the recognized authority for worldwide network standards, has recently published its International Mobile Telecommunications-2000 (IMT-2000) standard. The standard proposes so-called third generation (3G) networks that include extensive mobile access by wireless mobile clients, including cellular phones, PDAs, handheld computers, and the like. In the proposed 3G networks, mobile clients, or roaming clients, are free to move and are allowed to change their points of attachment from one base station to another while maintaining access to network resources. Some 3G networks provide mobility at the link layer (layer 2), but future networks (so-called 4G) are expected to provide mobility at the IP layer (layer 3).
The Internet Engineering Task Force (IETF), an international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet, has proposed several standards for mobility support at the IP layer. These include the proposed standard for IP Mobility Support in IETF RFC 2002, also referred to as Mobile IP Version 4 (Mobile IPv4), and the working draft <draft-ietf-mobileip-ipv6-17> entitled “Mobility Support in IPv6,” also referred to as Mobile IP Version 6 (Mobile IPv6), both of which are incorporated herein by reference. According to the protocol operations defined in Mobile IPv4 and Mobile IPv6, a client is allowed to move across networks and change its point of attachment from one access router to another while maintaining access to network resources. This operation is commonly referred to as a “Layer 3 (L3) handoff.”
The purpose of the L3 handoff operation is to update the packet routing information for a roaming client through a registration process. A client is always addressable by its “home address,” an IP address assigned to the client by an access router on its home network (the home router) or chosen by the client itself. While away from home on a foreign network, however, the client is additionally configured with a care-of address, which indicates its current point of attachment to the network. In the description here the care-of address is the address of an access router on the foreign network (the foreign router); in Mobile IPv4 terms this is a foreign-agent care-of address, whereas in Mobile IPv6 the care-of address is an address the client configures for itself on the visited link. In either case the client operating away from home registers its care-of address with its home router. A home router that has accepted a registration request then intercepts packets destined for the client's home address and tunnels (encapsulates and forwards) them to the care-of address. In Mobile IPv6, a client away from home also sends a binding update to its home router and to any correspondent node it is communicating with. A correspondent node may itself be a mobile client or may be a server that provides data to the client. A correspondent node that has accepted the binding update then sends packets directly to the client's care-of address without routing them through the home router. Because a registration or binding update changes where the client's traffic is delivered, Mobile IP requires both to be authenticated; otherwise any node could redirect another node's traffic to a care-of address of its own choosing.
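The registration and binding-update flow described above, as an added illustration that is not code from the patent or from any Mobile IP implementation. The class names (HomeRouter, CorrespondentNode, BindingCache), the IPv6 addresses, the clock values and the 300-second lifetime are all assumed for the example; it models only the routing decision (tunnel to the care-of address at the home router, direct delivery at a correspondent node that holds a binding, fall-back to the home link once a binding expires), not the wire format of the messages.

```python
"""Mobile IP registration / binding-update flow, modelled at the level of
the routing decision. Example for this page; names and values are assumed."""

from dataclasses import dataclass


@dataclass
class Binding:
    care_of: str
    expires_at: float  # absolute time, same (assumed) seconds clock as `now`


class BindingCache:
    """home address -> care-of address, each entry carrying a lifetime."""

    def __init__(self):
        self._entries = {}

    def register(self, home_addr, care_of, lifetime, now):
        # A zero (or negative) lifetime is a deregistration, as in Mobile IP.
        if lifetime <= 0:
            self._entries.pop(home_addr, None)
            return
        self._entries[home_addr] = Binding(care_of, now + lifetime)

    def lookup(self, home_addr, now):
        """Return the current care-of address, or None if absent or expired."""
        entry = self._entries.get(home_addr)
        if entry is None or entry.expires_at <= now:
            self._entries.pop(home_addr, None)
            return None
        return entry.care_of


class HomeRouter:
    """The client's home router: intercepts packets for its home address."""

    def __init__(self):
        self.bindings = BindingCache()

    def registration_request(self, home_addr, care_of, lifetime, now):
        # Accepted unconditionally here; a real home agent must first
        # authenticate the request (see the note following the example).
        self.bindings.register(home_addr, care_of, lifetime, now)

    def route(self, packet, now):
        care_of = self.bindings.lookup(packet["dst"], now)
        if care_of is None:
            # Client is at home (or its binding lapsed): deliver on the home link.
            return {"next_hop": packet["dst"], "tunnel": None}
        # Client is away: encapsulate, outer destination = care-of address.
        return {"next_hop": care_of,
                "tunnel": {"outer_dst": care_of, "inner": packet}}


class CorrespondentNode:
    """A peer that may learn the client's care-of address via a binding update."""

    def __init__(self):
        self.bindings = BindingCache()

    def binding_update(self, home_addr, care_of, lifetime, now):
        self.bindings.register(home_addr, care_of, lifetime, now)

    def send(self, home_addr, payload, now):
        care_of = self.bindings.lookup(home_addr, now)
        if care_of is None:
            # No binding: address the home address; the home router forwards.
            return {"dst": home_addr, "payload": payload, "via": "home_router"}
        # Binding present (Mobile IPv6 route optimisation): send directly.
        return {"dst": care_of, "home_dst": home_addr,
                "payload": payload, "via": "direct"}


def demo():
    """Walk through: at home, registered away, route-optimised, expired."""
    t0 = 1000.0  # assumed clock value, seconds
    home_addr, care_of = "2001:db8:1::10", "2001:db8:2::10"  # constructed
    home = HomeRouter()
    cn = CorrespondentNode()
    pkt = {"dst": home_addr, "payload": b"hello"}

    at_home = home.route(pkt, now=t0)
    home.registration_request(home_addr, care_of, lifetime=300, now=t0)
    tunnelled = home.route(pkt, now=t0 + 1)

    via_home = cn.send(home_addr, b"data", now=t0 + 1)
    cn.binding_update(home_addr, care_of, lifetime=300, now=t0 + 1)
    direct = cn.send(home_addr, b"data", now=t0 + 2)

    expired = home.route(pkt, now=t0 + 400)  # lifetime lapsed, back to home link
    return at_home, tunnelled, via_home, direct, expired


if __name__ == "__main__":
    for step, result in zip(
            ("at home", "tunnelled", "via home", "direct", "expired"), demo()):
        print(f"{step:10s} {result}")
```

Note that `BindingCache.register` accepts whatever it is given. That is the point the security discussion turns on: if a home router or correspondent node installed bindings without authenticating the sender, any node could register a care-of address for a victim's home address and have the victim's traffic tunnelled to itself, which is why Mobile IPv4 mandates an authentication extension on registrations and Mobile IPv6 protects binding updates to the home agent with IPsec and to correspondent nodes with the return-routability procedure.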
A crucial security issue arises when a roaming client seeks network connectivity in a visited network. The client has to be authenticated before any network access is granted to it. An unauthenticated client may be a free-loader trying to access network resources under a false or stolen identity, or a malicious node seeking network access only to disrupt the orderly operation of the network. Conversely, clients need to authenticate the access routers that offer them connectivity: an access router may be a rogue router that eavesdrops on the client's communication, diverts it elsewhere, or simply drops it. Numerous authentication mechanisms have been implemented and deployed for various access technologies; examples include authentication for PPP and for 802.11 networks. One drawback of these mechanisms is that they are link-layer solutions, so their applicability is limited to specific access technologies. A network-layer solution is clearly beneficial because it does not depend on the particular radio access technology operating below it.